From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH pve-network 11/17] api: add fabrics subfolder
Date: Wed, 02 Apr 2025 12:41:26 +0200 [thread overview]
Message-ID: <1743587597.uxpiwfvh9n.astroid@yuna.none> (raw)
In-Reply-To: <20250328171340.885413-39-g.goller@proxmox.com>
On March 28, 2025 6:13 pm, Gabriel Goller wrote:
> From: Stefan Hanreich <s.hanreich@proxmox.com>
>
> Add a new subfolder that contains the API methods for the sdn
> fabrics. We also add a method for listing all fabrics of all types as
> a GET endpoint, with the respective schemas. It supports the same
> filtering options as the other SDN GET endpoints (pending / running).
>
> We also need to add a special case in encode_value for the interface
> key of nodes, since they require special handling when encoding
> because they are arrays.
>
> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> Co-authored-by: Gabriel Goller <g.goller@proxmox.com>
> Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
> ---
> src/PVE/API2/Network/SDN.pm | 7 +
> src/PVE/API2/Network/SDN/Fabrics.pm | 294 ++++++++++++++++++++++++++++
> src/PVE/API2/Network/SDN/Makefile | 2 +-
> src/PVE/Network/SDN.pm | 2 +-
> 4 files changed, 303 insertions(+), 2 deletions(-)
> create mode 100644 src/PVE/API2/Network/SDN/Fabrics.pm
>
> diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm
> index d216e4878b61..ccbf0777e3d4 100644
> --- a/src/PVE/API2/Network/SDN.pm
> +++ b/src/PVE/API2/Network/SDN.pm
> @@ -17,6 +17,7 @@ use PVE::API2::Network::SDN::Vnets;
> use PVE::API2::Network::SDN::Zones;
> use PVE::API2::Network::SDN::Ipams;
> use PVE::API2::Network::SDN::Dns;
> +use PVE::API2::Network::SDN::Fabrics;
>
> use base qw(PVE::RESTHandler);
>
> @@ -45,6 +46,11 @@ __PACKAGE__->register_method ({
> path => 'dns',
> });
>
> +__PACKAGE__->register_method ({
> + subclass => "PVE::API2::Network::SDN::Fabrics",
> + path => 'fabrics',
> +});
> +
> __PACKAGE__->register_method({
> name => 'index',
> path => '',
> @@ -76,6 +82,7 @@ __PACKAGE__->register_method({
> { id => 'controllers' },
> { id => 'ipams' },
> { id => 'dns' },
> + { id => 'fabrics' },
> ];
>
> return $res;
> diff --git a/src/PVE/API2/Network/SDN/Fabrics.pm b/src/PVE/API2/Network/SDN/Fabrics.pm
> new file mode 100644
> index 000000000000..c9064b0ea05b
> --- /dev/null
> +++ b/src/PVE/API2/Network/SDN/Fabrics.pm
> @@ -0,0 +1,294 @@
> +package PVE::API2::Network::SDN::Fabrics;
> +
> +use strict;
> +use warnings;
> +
> +use Storable qw(dclone);
> +
> +use PVE::RPCEnvironment;
> +use PVE::Tools qw(extract_param);
> +
> +use PVE::API2::Network::SDN::Fabrics::OpenFabric;
> +use PVE::API2::Network::SDN::Fabrics::Ospf;
> +
> +use PVE::Network::SDN::Fabrics;
> +
> +use PVE::RESTHandler;
> +use base qw(PVE::RESTHandler);
> +
> +__PACKAGE__->register_method ({
> + subclass => "PVE::API2::Network::SDN::Fabrics::OpenFabric",
> + path => 'openfabric',
> +});
> +__PACKAGE__->register_method ({
> + subclass => "PVE::API2::Network::SDN::Fabrics::Ospf",
> + path => 'ospf',
> +});
> +
> +my $openfabric_interface_fmt = {
> + name => {
> + type => 'string',
> + description => 'Name of the interface',
string without format
> + },
> + ip => {
> + type => 'string',
> + description => 'The IPv4 address of the interface',
string without format
> + optional => 1,
> + },
> + ipv6 => {
> + type => 'string',
> + description => 'The IPv6 address of the interface',
string without format
> + optional => 1,
> + },
> + passive => {
> + type => 'boolean',
> + description => 'The passive property of the interface',
> + optional => 1,
> + },
> + hello_interval => {
> + type => 'number',
> + description => 'The hello_interval property of the interface',
> + optional => 1,
> + },
> + csnp_interval => {
> + type => 'number',
> + description => 'The csnp_interval property of the interface',
> + optional => 1,
> + },
> + hello_multiplier => {
> + type => 'number',
> + description => 'The hello_multiplier property of the interface',
> + optional => 1,
> + },
not sure whether these have min/max values?
> +};
> +
> +PVE::JSONSchema::register_format('pve-sdn-openfabric-interface', $openfabric_interface_fmt);
> +
> +my $ospf_interface_fmt = {
> + name => {
> + type => 'string',
> + description => 'Name of the interface',
string without format
> + },
> + passive => {
> + type => 'boolean',
> + description => 'The passive property of the interface',
> + optional => 1,
> + },
> + ip => {
> + type => 'string',
> + description => 'The IPv4 address of the interface',
string without format
> + optional => 1,
> + },
> + unnumbered => {
> + type => 'boolean',
> + description => 'If the interface is unnumbered',
> + optional => 1,
> + },
> +};
> +
> +PVE::JSONSchema::register_format('pve-sdn-ospf-interface', $ospf_interface_fmt);
> +
> +__PACKAGE__->register_method({
> + name => 'index',
> + path => '',
> + method => 'GET',
> + description => 'Index of SDN Fabrics',
> + permissions => {
> + description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/fabrics/<protocol>/<fabric>'",
> + user => 'all',
> + },
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + running => {
> + type => 'boolean',
> + optional => 1,
> + description => "Display running config.",
> + },
> + pending => {
> + type => 'boolean',
> + optional => 1,
> + description => "Display pending config.",
> + },
> + },
> + },
> + returns => {
> + type => 'object',
> + properties => {
> + openfabric => {
> + type => 'array',
> + items => {
> + type => 'object',
> + properties => {
> + name => {
> + type => 'string',
> + description => 'Id of the fabric'
> + },
> + 'type' => {
> + type => 'string',
> + description => 'What type of config is this',
> + },
> + 'config' => {
> + type => 'object',
> + 'type-property' => 'type',
> + oneOf => [
> + {
> + 'instance-types' => ['node'],
> + type => 'object',
> + description => 'Node config',
> + properties => {
> + node => {
> + type => 'object',
> + properties => {
> + net => {
> + type => 'string',
> + description => 'The NET (Network Entity Title) of this node',
> + },
> + loopback_prefix => {
> + type => 'string',
> + description => 'The IP prefix for Loopback IPs',
> + },
> + interface => {
> + type => 'array',
> + description => 'The OpenFabric interfaces on this node',
> + items => {
> + type => 'string',
> + description => 'OpenFabric interface',
> + format => 'pve-sdn-openfabric-interface'
> + },
> + },
> + },
> + },
> + },
> + },
> + {
> + 'instance-types' => ['fabric'],
> + type => 'object',
> + description => 'Fabric config',
> + properties => {
> + fabric => {
> + type => 'object',
> + properties => {
> + loopback_prefix => {
> + type => 'string',
> + description => 'The IP prefix for Loopback IPs',
> + },
> + hello_interval => {
> + type => 'integer',
> + optional => 1,
> + description => 'The global hello_interval parameter in seconds that will be set on every interface',
> + },
> + },
> + },
> + },
> + }
> + ],
> + },
> + },
> + },
> + },
> + ospf => {
> + type => 'array',
> + items => {
> + type => 'object',
> + properties => {
> + name => {
> + type => 'string',
> + description => 'Id of the fabric'
> + },
> + config => {
> + type => 'object',
> + 'type-property' => 'type',
> + oneOf => [
> + {
> + 'instance-types' => [ 'node' ],
> + type => 'object',
> + description => 'Node config',
> + properties => {
> + node => {
> + type => 'object',
> + properties => {
> + router_id => {
> + type => 'string',
> + description => 'The Router ID of this node',
> + },
> + interface => {
> + type => 'array',
> + description => 'The OSPF interfaces on this node',
> + items => {
> + type => 'string',
> + description => 'OSPF interface',
> + format => 'pve-sdn-ospf-interface',
> + },
> + },
> + },
> + },
> + },
> + },
> + {
> + 'instance-types' => [ 'fabric' ],
> + type => 'object',
> + description => 'Fabric config',
> + properties => {
> + fabric => {
> + type => 'object',
> + },
> + },
> + }
> + ]
> + },
> + },
> + },
> + },
> + },
> + },
> + code => sub {
> + my ($param) = @_;
> + my $rpcenv = PVE::RPCEnvironment::get();
> +
> + my $running = extract_param($param, 'running');
> + my $pending = extract_param($param, 'pending');
> +
> + my $fabric_config = PVE::Network::SDN::Fabrics::config();
> + my $running_config = PVE::Network::SDN::running_config();
> + my $config;
> +
> + my $authuser = $rpcenv->get_user();
> + my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
I wonder whether it would make sense to check whether there are any
privs below the /sdn/fabrics root here, and move the config loading
below that check, to avoid leaking things via error messages if
something is misconfigured?
also, doesn't this return quite a lot of information for an "index"
call that just requires SDN.Audit? it might make sense to filter the
information below based on whether we have Audit or Allocate privs?
> +
> + my $res = {};
> + foreach my $protocol (keys %$fabric_config) {
> + $res->{$protocol} = [];
> +
> + if ($pending) {
> + # pending_config expects the section config to be under the ids
> + # key, but get_inner() returns it without that key
> + my $section_config = {
> + ids => $fabric_config->{$protocol}->get_inner(),
> + };
> +
> + $config = PVE::Network::SDN::pending_config(
> + $running_config,
> + $section_config,
> + $protocol
> + );
> +
> + $config = $config->{ids};
> + } elsif ($running) {
> + $config = $running_config->{$protocol}->{ids};
> + } else {
> + $config = $fabric_config->{$protocol}->get_inner();
> + }
> +
> + foreach my $id (sort keys %$config) {
> + my $entry = $config->{$id};
> + next if !$rpcenv->check_any($authuser, "/sdn/fabrics/$protocol/$entry->{name}", $privs, 1);
this is a new ACL path, but it's not possible to configure it because
there is no pve-access-control patch allowing it - did you test the
permissions part? ;)
> +
> + push @{$res->{$protocol}}, dclone($entry);
> + }
> + }
> + return $res;
> + },
> +});
> +
> +1;
> diff --git a/src/PVE/API2/Network/SDN/Makefile b/src/PVE/API2/Network/SDN/Makefile
> index abd1bfae020e..4dbb6c92fd82 100644
> --- a/src/PVE/API2/Network/SDN/Makefile
> +++ b/src/PVE/API2/Network/SDN/Makefile
> @@ -1,4 +1,4 @@
> -SOURCES=Vnets.pm Zones.pm Controllers.pm Subnets.pm Ipams.pm Dns.pm Ips.pm
> +SOURCES=Vnets.pm Zones.pm Controllers.pm Subnets.pm Ipams.pm Dns.pm Ips.pm Fabrics.pm
>
>
> PERL5DIR=${DESTDIR}/usr/share/perl5
> diff --git a/src/PVE/Network/SDN.pm b/src/PVE/Network/SDN.pm
> index 24879dc0e76a..b35767b667b4 100644
> --- a/src/PVE/Network/SDN.pm
> +++ b/src/PVE/Network/SDN.pm
> @@ -344,7 +344,7 @@ sub generate_dhcp_config {
> sub encode_value {
> my ($type, $key, $value) = @_;
>
> - if ($key eq 'nodes' || $key eq 'exitnodes' || $key eq 'dhcp-range') {
> + if ($key eq 'nodes' || $key eq 'exitnodes' || $key eq 'dhcp-range' || $key eq 'interface') {
I hope this doesn't ever bite us, 'interface' (and 'nodes' for that matter) is quite generic..
> if (ref($value) eq 'HASH') {
> return join(',', sort keys(%$value));
> } elsif (ref($value) eq 'ARRAY') {
> --
> 2.39.5
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-04-02 10:42 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-28 17:12 [pve-devel] [PATCH cluster/docs/manager/network/proxmox{, -ve-rs, -firewall, -perl-rs} 00/52] Add SDN Fabrics Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox 1/1] serde: add string_as_bool module for boolean string parsing Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 01/17] add proxmox-network-types crate Gabriel Goller
2025-03-31 14:09 ` Thomas Lamprecht
2025-03-31 14:38 ` Stefan Hanreich
2025-03-31 16:20 ` Thomas Lamprecht
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 02/17] network-types: add common hostname and openfabric types Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 03/17] network-types: add openfabric NET type Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 04/17] network-types: move Ipv4Cidr and Ipv6Cidr types Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 05/17] frr: create proxmox-frr crate Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 06/17] frr: add common frr types Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 07/17] frr: add openfabric types Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 08/17] frr: add ospf types Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 09/17] frr: add route-map types Gabriel Goller
2025-03-28 17:12 ` [pve-devel] [PATCH proxmox-ve-rs 10/17] frr: add generic types over openfabric and ospf Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-ve-rs 11/17] frr: add serializer for all FRR types Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-ve-rs 12/17] ve-config: add openfabric section-config Gabriel Goller
2025-03-31 13:48 ` Christoph Heiss
2025-03-31 15:04 ` Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-ve-rs 13/17] ve-config: add ospf section-config Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-ve-rs 14/17] ve-config: add FRR conversion helpers for openfabric and ospf Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-ve-rs 15/17] ve-config: add validation for section-config Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-ve-rs 16/17] ve-config: add section-config to frr types conversion Gabriel Goller
2025-03-31 13:51 ` Christoph Heiss
2025-03-31 14:31 ` Stefan Hanreich
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-ve-rs 17/17] ve-config: add integrations tests Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-firewall 1/1] firewall: nftables: migrate to proxmox-network-types Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-perl-rs 1/7] perl-rs: sdn: initial fabric infrastructure Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-perl-rs 2/7] perl-rs: sdn: add CRUD helpers for OpenFabric fabric management Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-perl-rs 3/7] perl-rs: sdn: OpenFabric perlmod methods Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-perl-rs 4/7] perl-rs: sdn: implement OSPF interface file configuration generation Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-perl-rs 5/7] perl-rs: sdn: add CRUD helpers for OSPF fabric management Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-perl-rs 6/7] perl-rs: sdn: OSPF perlmod methods Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH proxmox-perl-rs 7/7] perl-rs: sdn: implement OSPF interface file configuration generation Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-cluster 1/1] cluster: add sdn fabrics config files Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 01/17] sdn: fix value returned by pending_config Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 02/17] debian: add dependency to proxmox-perl-rs Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 03/17] fabrics: add fabrics module Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 04/17] refactor: controller: move frr methods into helper Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 05/17] controllers: implement new api for frr config generation Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 06/17] sdn: add frr config generation helper Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 07/17] test: isis: add test for standalone configuration Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 08/17] sdn: frr: add daemon status to frr helper Gabriel Goller
2025-04-02 10:41 ` Fabian Grünbichler
2025-04-02 10:50 ` Stefan Hanreich
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 09/17] sdn: running: apply fabrics config Gabriel Goller
2025-04-02 10:41 ` Fabian Grünbichler
2025-04-02 12:26 ` Stefan Hanreich
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 10/17] fabrics: generate ifupdown configuration Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 11/17] api: add fabrics subfolder Gabriel Goller
2025-04-02 10:41 ` Fabian Grünbichler [this message]
2025-04-02 12:20 ` Stefan Hanreich
2025-04-02 12:29 ` Fabian Grünbichler
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 12/17] api: fabrics: add common helpers Gabriel Goller
2025-04-02 10:41 ` Fabian Grünbichler
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 13/17] fabric: openfabric: add api endpoints Gabriel Goller
2025-04-02 10:37 ` Fabian Grünbichler
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 14/17] fabric: ospf: " Gabriel Goller
2025-04-02 10:37 ` Fabian Grünbichler
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 15/17] test: fabrics: add test cases for ospf and openfabric + evpn Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 16/17] frr: bump frr config version to 10.2.1 Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-network 17/17] frr: fix reloading frr configuration Gabriel Goller
2025-04-02 10:37 ` Fabian Grünbichler
2025-04-02 10:42 ` Stefan Hanreich
2025-03-28 17:13 ` [pve-devel] [PATCH pve-manager 1/7] api: use new generalized frr and etc network config helper functions Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-manager 2/7] fabrics: add common interface panel Gabriel Goller
2025-04-02 9:26 ` Friedrich Weber
2025-04-02 10:04 ` Gabriel Goller
2025-04-02 10:10 ` Friedrich Weber
2025-03-28 17:13 ` [pve-devel] [PATCH pve-manager 3/7] fabrics: add additional interface fields for openfabric and ospf Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-manager 4/7] fabrics: add FabricEdit components Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-manager 5/7] fabrics: add NodeEdit components Gabriel Goller
2025-04-03 9:16 ` Christoph Heiss
2025-04-04 15:45 ` Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-manager 6/7] fabrics: Add main FabricView Gabriel Goller
2025-04-02 9:26 ` Friedrich Weber
2025-04-02 9:50 ` Christoph Heiss
2025-04-02 10:40 ` Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-manager 7/7] utils: avoid line-break in pending changes message Gabriel Goller
2025-03-28 17:13 ` [pve-devel] [PATCH pve-docs 1/1] fabrics: add initial documentation for sdn fabrics Gabriel Goller
2025-03-31 8:44 ` Shannon Sterz
2025-03-31 12:24 ` Gabriel Goller
2025-04-02 8:43 ` Gabriel Goller
2025-04-02 8:49 ` Christoph Heiss
2025-04-02 9:09 ` Gabriel Goller
2025-04-02 9:16 ` Christoph Heiss
2025-04-03 8:30 ` [pve-devel] [PATCH cluster/docs/manager/network/proxmox{, -ve-rs, -firewall, -perl-rs} 00/52] Add SDN Fabrics Friedrich Weber
2025-04-03 10:21 ` Gabriel Goller
2025-04-03 13:44 ` Friedrich Weber
2025-04-03 14:03 ` Stefan Hanreich
2025-04-03 14:20 ` Friedrich Weber
2025-04-04 7:53 ` Stefan Hanreich
2025-04-04 10:55 ` Hannes Duerr
2025-04-04 12:48 ` Gabriel Goller
2025-04-04 12:53 ` Hannes Duerr
2025-04-04 14:26 ` Gabriel Goller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1743587597.uxpiwfvh9n.astroid@yuna.none \
--to=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal